This portal uses demo keys by default. If you tap one of our demo cards, everything works out of the box.
To test your own NTAG424 card, enter the keys you programmed on it. All three fields are optional — enter only what differs from the demo defaults.
Key 3 — SDM Meta Read Key programmed on the card. Decrypts the PICC block (UID + counter) in the URL.
Master Key — server-side diversification secret. Used to derive Key 4 per card UID. Never stored on the card.
Key 4 — pre-computed diversified key. If you leave this blank, it is derived automatically from Master Key.
|
Key 3 SDM Meta Read Key |
DEMO KEY B3000000000000000000000000000000 |
|
Master Key Diversification Secret |
DEMO KEY B9000000000000000000000000000000 |
|
Key 4 Diversified File Key |
AUTO-DERIVEDAES-CMAC(demo Master Key, AID, UID, SYSID)
UID-specific — computed per tap. Shown on the Verify page after each scan.
|
Keys are bound to your browser session. If you set your keys on a desktop, they will not apply when you tap your card from a mobile device — each browser has its own independent session.
To test with a physical tap: open this page on your mobile device, enter your keys there, then tap your card — the verification will use the keys you set on that device.
Your keys never leave your browser. They are stored only in a signed, HTTP-only session cookie — never written to server logs or disk. They expire automatically after 10 minutes.
If you only enter Key 3, Key 4 is derived automatically for each card tap:
Key 4 depends on the card UID — each card gets a unique value. If you have already computed your Key 4, enter it directly above and skip the derivation. The exact Key 4 used for each tap is always displayed on the Verify page.